[nsp-sec] amazon blocking

Phillip G Deneault deneault at WPI.EDU
Tue Jun 10 08:47:12 EDT 2008


Sorry for the lateness of my reply.  I've inspected this system and can 
find no trace of intrusion.  I also reviewed all flows to and from this 
computer along with the HTTP requests.  It appears the user was looking 
at a lightning deal promotion but the total number of GET and POST
requests (which are for every page, image, whatever) totals only 1421 over
the last 48 hours and seems to be spread around with other browsing
traffic appropriate for a local user.

I humbly submit that my IP and possibly other IPs might have been caught 
in the dragnet.  If you would like evidence either for your own 
investigation, or to help resolve this matter, please let me know.

Just a taste for those watching at home:

1213045366.95||130.215.17.87||POST||www.amazon.com/gp/goldbox/display/lightning-deals/ajax/json/get-promotion-by-deal-id.html||HTTP/1.1||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14||

Thanks,
Phil

Dave Burke wrote:
> ----------- nsp-security Confidential --------
> 
> Hi,
> 
> Here is the updated list of what we are currently null routing on our
> border network - this is the same list across all retail sites.
> 
> dave

> 10326   | 130.215.17.87    | WPI - Worcester Polytechnic Institute

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Phil Deneault              "We work in the dark. We do what we can.
deneault at wpi.edu                              We give what we have.
Network Security Officer 		  Our doubt is our passion,
Network Operations                     and our passion is our task.
Worcester Polytechnic Institute    The rest is the madness of art."
http://www.wpi.edu/~deneault/   		      - Henry James
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-



